October is National Cyber Security Awareness Month (NCSAM) in the US, which is an annual effort by the Department of Homeland Security to educate the public about privacy and security in our increasingly connected world. There are different themes each week, and this week the focus is on cybersecurity in the workplace.
Creating a culture of cybersecurity is one of the most important pieces of a business security initiative. Companies often overlook the human element in security, despite investing heavily in firewalls, security gateways, and data protection. Simple passwords and social engineering scams put the company at risk of a larger attack. Spear phishing, for example, can trick an unsuspecting employee into exposing the company to ransomware, data exfiltration, and more.
The best way to strengthen the company's human defenses is to create a culture of cybersecurity in the workplace. This takes ongoing training and awareness, as well as open communication about processes and expectations. This culture may be hard to define, but will often have these characteristics:
• Everyone takes responsibility for cybersecurity
• There are clear expectations of each individual's role in protecting data and credentials
• The environment encourages honesty and open dialogue about procedures
• Security and fraud training is part of the new hire experience and is refreshed throughout the term of employment
• Social engineering and cyber threats are taken seriously at all levels of the organization
• Security practices and standards are understood and used by all
• Employees recognize potential threats, including social engineering attempts
• There is a clear method for when and how to report incidents
• There are incentives and rewards for following proper security procedures
There is no single best way to build this culture, and there is no finish line at the end. Workplace culture is always evolving, and even when you've succeeded in raising awareness, you will still have plenty to do to keep your colleagues aware of the latest threats and security practices.
For more on this topic, visit the Stop. Think. Connect. Campaign Blog and take a look at the post "Strengthening Cybersecurity for Small Business." It includes links to other resources as well as simple and actionable steps you can take right now. And don't forget to follow #cyberaware on Twitter for the month of October to get more tips and ideas on cybersecurity and awareness.